

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>SNMP Gateway Service &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/css/custom.css" type="text/css" />

  
  
    <link rel="shortcut icon" href="../../../_static/favicon.ico"/>
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script>
        <script src="../../../_static/jquery.js"></script>
        <script src="../../../_static/underscore.js"></script>
        <script src="../../../_static/doctools.js"></script>
    
    <script type="text/javascript" src="../../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../../genindex/" />
    <link rel="search" title="Search" href="../../../search/" />
    <link rel="next" title="Ceph 的升级" href="../../upgrade/" />
    <link rel="prev" title="Monitoring Services" href="../monitoring/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    

















<div role="navigation" aria-label="breadcrumbs navigation">

  <ul class="wy-breadcrumbs">
    
      <li><a href="../../../" class="icon icon-home"></a> &raquo;</li>
        
          <li><a href="../../">Cephadm</a> &raquo;</li>
        
          <li><a href="../">Service Management</a> &raquo;</li>
        
      <li>SNMP Gateway Service</li>
    
    
      <li class="wy-breadcrumbs-aside">
        
          
            <a href="../../../_sources/cephadm/services/snmp-gateway.rst.txt" rel="nofollow"> View page source</a>
          
        
      </li>
    
  </ul>

  
  <hr/>
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../../">
          

          
            
            <img src="../../../_static/logo.png" class="logo" alt="Logo"/>
          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../../start/intro/">Ceph 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../install/">安装 Ceph</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../">Cephadm</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../compatibility/">Compatibility and Stability</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../install/">部署个全新的 Ceph 集群</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../adoption/">现有集群切换到 cephadm</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../host-management/">Host Management</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../">Service Management</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../mon/">MON Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../mgr/">MGR Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../osd/">OSD Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../rgw/">RGW Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../mds/">MDS Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../nfs/">NFS Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../iscsi/">iSCSI Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../custom-container/">Custom Container Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../monitoring/">Monitoring Services</a></li>
<li class="toctree-l3 current"><a class="current reference internal" href="#">SNMP Gateway Service</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#compatibility">Compatibility</a></li>
<li class="toctree-l4"><a class="reference internal" href="#deploying-an-snmp-gateway">Deploying an SNMP Gateway</a></li>
<li class="toctree-l4"><a class="reference internal" href="#deployment-examples">Deployment Examples</a></li>
<li class="toctree-l4"><a class="reference internal" href="#alertmanager-integration">AlertManager Integration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#implementing-the-mib">Implementing the MIB</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../#service-status">Service Status</a></li>
<li class="toctree-l3"><a class="reference internal" href="../#daemon-status">Daemon Status</a></li>
<li class="toctree-l3"><a class="reference internal" href="../#service-specification">Service Specification</a></li>
<li class="toctree-l3"><a class="reference internal" href="../#daemon-placement">Daemon Placement</a></li>
<li class="toctree-l3"><a class="reference internal" href="../#removing-a-service">Removing a Service</a></li>
<li class="toctree-l3"><a class="reference internal" href="../#disabling-automatic-deployment-of-daemons">Disabling automatic deployment of daemons</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../upgrade/">Ceph 的升级</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../operations/">Cephadm operations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../client-setup/">Client Setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../troubleshooting/">Troubleshooting</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../dev/cephadm/">Cephadm Feature Planning</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../../rados/">Ceph 存储集群</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../cephfs/">Ceph 文件系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../rbd/">Ceph 块设备</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../radosgw/">Ceph 对象网关</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mgr/">Ceph 管理器守护进程</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mgr/dashboard/">Ceph 仪表盘</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../api/">API 文档</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../architecture/">体系结构</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../dev/developer_guide/">开发者指南</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../dev/internals/">Ceph 内幕</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../governance/">项目管理</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../foundation/">Ceph 基金会</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../releases/general/">Ceph 版本（总目录）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../releases/">Ceph 版本（索引）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../security/">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../glossary/">Ceph 术语</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../translation_cn/">中文版翻译资源</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>
  <div id="docubetter" align="right" style="padding: 5px; font-weight: bold;">
    <a href="https://pad.ceph.com/p/Report_Documentation_Bugs">Report a Documentation Bug</a>
  </div>

  
  <div class="section" id="snmp-gateway-service">
<h1>SNMP Gateway Service<a class="headerlink" href="#snmp-gateway-service" title="Permalink to this headline">¶</a></h1>
<p><a class="reference external" href="https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol">SNMP</a> is still a widely used protocol, to monitor distributed systems and devices across a variety of hardware
and software platforms. Ceph’s SNMP integration focuses on forwarding alerts from it’s Prometheus Alertmanager
cluster to a gateway daemon. The gateway daemon, transforms the alert into an SNMP Notification and sends
it on to a designated SNMP management platform. The gateway daemon is from the <a class="reference external" href="https://github.com/maxwo/snmp_notifier">snmp_notifier</a> project,
which provides SNMP V2c and V3 support (authentication and encryption).</p>
<p>Ceph’s SNMP gateway service deploys one instance of the gateway by default. You may increase this
by providing placement information. However, bear in mind that if you enable multiple SNMP gateway daemons,
your SNMP management platform will receive multiple notifications for the same event.</p>
<div class="section" id="compatibility">
<h2>Compatibility<a class="headerlink" href="#compatibility" title="Permalink to this headline">¶</a></h2>
<p>The table below shows the SNMP versions that are supported by the gateway implementation</p>
<table class="docutils align-default">
<colgroup>
<col style="width: 22%" />
<col style="width: 15%" />
<col style="width: 64%" />
</colgroup>
<thead>
<tr class="row-odd"><th class="head"><p>SNMP Version</p></th>
<th class="head"><p>Supported</p></th>
<th class="head"><p>Notes</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><p>V1</p></td>
<td><p>❌</p></td>
<td><p>Not supported by snmp_notifier</p></td>
</tr>
<tr class="row-odd"><td><p>V2c</p></td>
<td><p>✔</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>V3 authNoPriv</p></td>
<td><p>✔</p></td>
<td><p>uses username/password authentication, without
encryption (NoPriv = no privacy)</p></td>
</tr>
<tr class="row-odd"><td><p>V3 authPriv</p></td>
<td><p>✔</p></td>
<td><p>uses username/password authentication with
encryption to the SNMP management platform</p></td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="deploying-an-snmp-gateway">
<h2>Deploying an SNMP Gateway<a class="headerlink" href="#deploying-an-snmp-gateway" title="Permalink to this headline">¶</a></h2>
<p>Both SNMP V2c and V3 provide credentials support. In the case of V2c, this is just the community string - but for V3
environments you must provide additional authentication information. These credentials are not supported on the command
line when deploying the service. Instead, you must create the service using a credentials file (in yaml format), or
specify the complete service definition in a yaml file.</p>
<div class="section" id="command-format">
<h3>Command format<a class="headerlink" href="#command-format" title="Permalink to this headline">¶</a></h3>
<div class="highlight-default notranslate"><div class="highlight"><pre><style type="text/css">
span.prompt1:before {
  content: "# ";
}
</style><span class="prompt1">ceph orch apply snmp-gateway &lt;snmp_version:V2c<span class="p">|</span>V3&gt; &lt;destination&gt; <span class="o">[</span>&lt;port:int&gt;<span class="o">]</span> <span class="o">[</span>&lt;engine_id&gt;<span class="o">]</span> <span class="o">[</span>&lt;auth_protocol: MD5<span class="p">|</span>SHA&gt;<span class="o">]</span> <span class="o">[</span>&lt;privacy_protocol:DES<span class="p">|</span>AES&gt;<span class="o">]</span> <span class="o">[</span>&lt;placement&gt;<span class="o">]</span> ...</span>
</pre></div></div><p>Usage Notes</p>
<ul class="simple">
<li><p>you must supply the <code class="docutils literal notranslate"><span class="pre">--snmp-version</span></code> parameter</p></li>
<li><p>the <code class="docutils literal notranslate"><span class="pre">--destination</span></code> parameter must be of the format hostname:port (no default)</p></li>
<li><p>you may omit <code class="docutils literal notranslate"><span class="pre">--port</span></code>. It defaults to 9464</p></li>
<li><p>the <code class="docutils literal notranslate"><span class="pre">--engine-id</span></code> is a unique identifier for the device (in hex) and required for SNMP v3 only.
Suggested value: 8000C53F&lt;fsid&gt; where the fsid is from your cluster, without the ‘-‘ symbols</p></li>
<li><p>for SNMP V3, the <code class="docutils literal notranslate"><span class="pre">--auth-protocol</span></code> setting defaults to <strong>SHA</strong></p></li>
<li><p>for SNMP V3, with encryption you must define the <code class="docutils literal notranslate"><span class="pre">--privacy-protocol</span></code></p></li>
<li><p>you <strong>must</strong> provide a -i &lt;filename&gt; to pass the secrets/passwords to the orchestrator</p></li>
</ul>
</div>
</div>
<div class="section" id="deployment-examples">
<h2>Deployment Examples<a class="headerlink" href="#deployment-examples" title="Permalink to this headline">¶</a></h2>
<div class="section" id="snmp-v2c">
<h3>SNMP V2c<a class="headerlink" href="#snmp-v2c" title="Permalink to this headline">¶</a></h3>
<p>Here’s an example for V2c, showing CLI and service based deployments</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch apply snmp-gateway --port <span class="m">9464</span> --snmp_version<span class="o">=</span>V2c --destination<span class="o">=</span><span class="m">192</span>.168.122.73:162 -i ./snmp_creds.yaml</span>
</pre></div></div><p>with a credentials file that contains;</p>
<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span>
<span class="nt">snmp_community</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">public</span>
</pre></div>
</div>
<p>Alternatively, you can create a yaml definition for the gateway and apply it from a single file</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch apply -i snmp-gateway.yml</span>
</pre></div></div><p>with the file containing the following configuration</p>
<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nt">service_type</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">snmp-gateway</span>
<span class="nt">service_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">snmp-gateway</span>
<span class="nt">placement</span><span class="p">:</span>
  <span class="nt">count</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">1</span>
<span class="nt">spec</span><span class="p">:</span>
  <span class="nt">credentials</span><span class="p">:</span>
    <span class="nt">snmp_community</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">public</span>
  <span class="nt">port</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">9464</span>
  <span class="nt">snmp_destination</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">192.168.122.73:162</span>
  <span class="nt">snmp_version</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">V2c</span>
</pre></div>
</div>
</div>
<div class="section" id="snmp-v3-authnopriv">
<h3>SNMP V3 (authNoPriv)<a class="headerlink" href="#snmp-v3-authnopriv" title="Permalink to this headline">¶</a></h3>
<p>Deploying an snmp-gateway service supporting SNMP V3 with authentication only, would look like this;</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch apply snmp-gateway --snmp-version<span class="o">=</span>V3 --engine-id<span class="o">=</span>800C53F000000 --destination<span class="o">=</span><span class="m">192</span>.168.122.1:162 -i ./snmpv3_creds.yml</span>
</pre></div></div><p>with a credentials file as;</p>
<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span>
<span class="nt">snmp_v3_auth_username</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">myuser</span>
<span class="nt">snmp_v3_auth_password</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mypassword</span>
</pre></div>
</div>
<p>or as a service configuration file</p>
<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nt">service_type</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">snmp-gateway</span>
<span class="nt">service_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">snmp-gateway</span>
<span class="nt">placement</span><span class="p">:</span>
  <span class="nt">count</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">1</span>
<span class="nt">spec</span><span class="p">:</span>
  <span class="nt">credentials</span><span class="p">:</span>
    <span class="nt">snmp_v3_auth_password</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mypassword</span>
    <span class="nt">snmp_v3_auth_username</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">myuser</span>
  <span class="nt">engine_id</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">800C53F000000</span>
  <span class="nt">port</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">9464</span>
  <span class="nt">snmp_destination</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">192.168.122.1:162</span>
  <span class="nt">snmp_version</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">V3</span>
</pre></div>
</div>
</div>
<div class="section" id="snmp-v3-authpriv">
<h3>SNMP V3 (authPriv)<a class="headerlink" href="#snmp-v3-authpriv" title="Permalink to this headline">¶</a></h3>
<p>Defining an SNMP V3 gateway service that implements authentication and privacy (encryption), requires two additional values</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch apply snmp-gateway --snmp-version<span class="o">=</span>V3 --engine-id<span class="o">=</span>800C53F000000 --destination<span class="o">=</span><span class="m">192</span>.168.122.1:162 --privacy-protocol<span class="o">=</span>AES -i ./snmpv3_creds.yml</span>
</pre></div></div><p>with a credentials file as;</p>
<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span>
<span class="nt">snmp_v3_auth_username</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">myuser</span>
<span class="nt">snmp_v3_auth_password</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mypassword</span>
<span class="nt">snmp_v3_priv_password</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mysecret</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The credentials are stored on the host, restricted to the root user and passed to the snmp_notifier daemon as
an environment file (<code class="docutils literal notranslate"><span class="pre">--env-file</span></code>), to limit exposure.</p>
</div>
</div>
</div>
<div class="section" id="alertmanager-integration">
<h2>AlertManager Integration<a class="headerlink" href="#alertmanager-integration" title="Permalink to this headline">¶</a></h2>
<p>When an SNMP gateway service is deployed or updated, the Prometheus Alertmanager configuration is automatically updated to forward any
alert that has an <a class="reference external" href="https://en.wikipedia.org/wiki/Object_identifier">OID</a> label to the SNMP gateway daemon for processing.</p>
</div>
<div class="section" id="implementing-the-mib">
<h2>Implementing the MIB<a class="headerlink" href="#implementing-the-mib" title="Permalink to this headline">¶</a></h2>
<p>To make sense of the SNMP Notification/Trap, you’ll need to apply the MIB to your SNMP management platform. The MIB (CEPH-MIB.txt) can
downloaded from the main Ceph <a class="reference external" href="https://github.com/ceph/ceph/tree/master/monitoring/snmp">repo</a></p>
</div>
</div>



           </div>
           
          </div>
          <footer>
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
        <a href="../../upgrade/" class="btn btn-neutral float-right" title="Ceph 的升级" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
        <a href="../monitoring/" class="btn btn-neutral float-left" title="Monitoring Services" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>
        &#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).

    </p>
  </div> 

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>